Chrome 59和基于Selenium / Fluentlenium的基本身份验证 [英] Chrome 59 and Basic Authentication with Selenium/Fluentlenium
问题描述
Chrome 59的删除了对https:// user:password@example.com网址的支持 。
我有一个测试使用了现在已经破解的这个功能,所以我试图用一个等待身份验证弹出窗口并填写细节。但以下方式在Chrome浏览器上不起作用(它不会将auth弹出窗口显示为提醒):
alert()。authenticateUsing(new UserAndPassword(test,test));
纯硒版本有相同的问题:
WebDriverWait wait = new WebDriverWait(getDriver(),10);
Alert alert = wait.until(ExpectedConditions.alertIsPresent());
alert.authenticateUsing(new UserAndPassword(test,test));
(根据此处给出的答案:如何处理身份验证弹出与Selenium WebDriver使用Java))
我可以看到在FireFox中处理这个问题的几种解决方法,但对Chrome没有任何解决方法。有没有其他方法?
我相信Florent B的解决方案是可行的,但是对于旧式测试,我发现zoonabar的解决方案发布到这个重复的问题更容易实现,代码少得多,并且不需要专门准备测试盒。看起来代码的新开发人员看起来更容易。
简而言之:在访问被测URL(在没有证书的情况下)访问任何带有凭据的URL )会导致浏览器记住凭据。
$ b
goTo(http:// user:密码@ localhost的); //缓存auth,但是页面本身被阻塞
goTo(http:// localhost); //使用缓存的认证,页面渲染罚款
//继续像往常一样测试
觉得自己像浏览器中的漏洞一样会被修补,但我认为这不太可能;为避免网络钓鱼风险(已选择的用户名看起来像域名),实施了限制,例如 http://google.com:long-token-here-which-makes-the-real-domain-disappear@example.com/ ),并且这种设置凭证的解决方法不会带来相同的风险。
Chrome 59 has removed support for https://user:password@example.com URLs.
I have a test which was using this feature which has now broken, so I'm trying to replace it with a version which waits for the authentication popup and fills in the details. But the following doesn't work on Chrome (which doesn't see the auth popup as an alert):
alert().authenticateUsing(new UserAndPassword("test", "test"));
The selenium-only version has the same issue:
WebDriverWait wait = new WebDriverWait(getDriver(), 10);
Alert alert = wait.until(ExpectedConditions.alertIsPresent());
alert.authenticateUsing(new UserAndPassword("test", "test"));
(based on the answer given here: How to handle authentication popup with Selenium WebDriver using Java)
I can see several workarounds for handling this in FireFox, but nothing for Chrome. Is there any alternative approach?
I'm sure Florent B's solutions are viable, but for retro-fitting an old test, I found that zoonabar's solution posted to this duplicate question is easier to implement, takes considerably less code, and requires no special preparation of the test box. It also seems that it would be easier to follow for new developers looking at the code.
In short: visiting any URL with credentials before visiting the URL under test (without credentials) will cause the browser to remember the credentials.
goTo("http://user:password@localhost"); // Caches auth, but page itself is blocked
goTo("http://localhost"); // Uses cached auth, page renders fine
// Continue test as normal
This may feel like a vulnerability in the browser which will be patched, but I think this is unlikely; the restriction has been imposed to avoid phishing risks (where the username chosen looks like a domain, e.g. "http://google.com:long-token-here-which-makes-the-real-domain-disappear@example.com/"), and this workaround for setting credentials doesn't pose the same risk.
这篇关于Chrome 59和基于Selenium / Fluentlenium的基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
